32 matches found

OSV
added 2026/05/05 6:49 a.m. | 2 views

OPENSUSE-SU-2026:20676-1 Security update for build, product-composer

This update for build, product-composer fixes the following issues: Changes in build: - Support a new "IgnoreRebuild" config. - build-recipe-kiwi: Add support for oci containers Avoid needlessly compressing container images Detect container images based on build result file name - Fix queryrecipe...

7.3 CVSS | 5.8 AI score | 0.00205 EPSS
Exploits 0 | References 2
BDU FSTEC
added 2025/07/28 12:00 a.m. | 3 views

The vulnerability of the Podman software for managing and launching OCI containers is related to errors in the certificate validation process, allowing an attacker to execute a “man-in-the-middle” attack.

The vulnerability of the Podman software for managing and launching OCI containers is related to errors in the certificate validation process. Exploiting this vulnerability could allow a remote attacker to execute a “man-in-the-middle” attack...

8.3 CVSS | 6.7 AI score | 0.00397 EPSS
Exploits 0 | References 6 | Affected Software 6
Gentoo Linux
added 2024/07/05 12:00 a.m. | 32 views

podman: Multiple Vulnerabilities

Background: Podman is a tool for managing OCI containers and pods with a Docker-compatible CLI. Description: Please review the referenced CVE identifiers for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known workaround at this time. Resolution: Al...

10 CVSS | 6.4 AI score | 0.94072 EPSS
Exploits 6
OSV
added 2024/03/06 10:50 a.m. | 26 views

BIT-COSIGN-2023-46737 Possible endless data attack from attacker-controlled registry in cosign

Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in...

5.3 CVSS | 4.8 AI score | 0.0064 EPSS
Exploits 1 | References 3
Tenable Nessus
added 2023/12/15 12:00 a.m. | 15 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cosign (SUSE-SU-2023:4870-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4870-1 advisory. - Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by a...

5.3 CVSS | 5.6 AI score | 0.0064 EPSS
Exploits 1 | References 4
AlpineLinux
added 2023/11/07 5:30 p.m. | 20 views

CVE-2023-46737

Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in...

5.3 CVSS | 5 AI score | 0.0064 EPSS
Exploits 1
Vulnrichment
added 2023/11/07 5:30 p.m. | 8 views

CVE-2023-46737 Possible endless data attack from attacker-controlled registry in cosign

Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in...

3.1 CVSS | 7.3 AI score | 0.0064 EPSS
Exploits 1 | References 2
CVE
added 2023/11/07 5:30 p.m. | 392 views

CVE-2023-46737

CVE-2023-46737 affects Cosign, a sigstore signing tool for OCI containers. The root cause is that Cosign loops through all attestations fetched from a remote registry in pkg/cosign.FetchAttestations, allowing an attacker-controlled registry to return a high number of attestations or signatures an...

5.3 CVSS | 4.9 AI score | 0.0064 EPSS
Exploits 1 | References 2 | Affected Software 1
OSV
added 2023/11/07 5:30 p.m. | 17 views

CVE-2023-46737 Possible endless data attack from attacker-controlled registry in cosign

Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in...

3.1 CVSS | 5.2 AI score | 0.0064 EPSS
Exploits 1 | References 4
BDU FSTEC
added 2023/07/18 12:00 a.m. | 2 views

The vulnerability of the Podman software for managing and starting OCI containers on operating systems such as Red Hat Enterprise Linux, RedOS, and the corporate platform Red Hat OpenShift Container Platform allows an attacker to gain access to arbitrary files in the host’s file system.

The vulnerability of the Podman software for managing and starting OCI containers on Red Hat Enterprise Linux, RedOS, and the corporate platform Red Hat OpenShift Container Platform is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow a malicio...

6.8 CVSS | 6.6 AI score | 0.02067 EPSS
Exploits 1 | References 5 | Affected Software 4
Rockylinux
added 2023/05/25 7:53 p.m. | 8 views

crun bug fix and enhancement update

An update is available for crun. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The crun packages contain a runtime for running Open Container Initiative (OCI)...

6.9 AI score
Exploits 0
Rockylinux
added 2022/08/09 9:36 a.m. | 15 views

crun bug fix and enhancement update

An update is available for crun. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The crun packages contain a runtime for running Open Container Initiative (OCI)...

2.4 AI score
Exploits 0
Github Security Blog
added 2022/04/30 12:00 a.m. | 27 views

Podman publishes a malicious image to public registries

Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman...

8.8 CVSS | 3.2 AI score | 0.03974 EPSS
Exploits 2 | References 11 | Affected Software 2
OSV
added 2022/04/30 12:00 a.m. | 32 views

GHSA-66VW-V2X9-HW75 Podman publishes a malicious image to public registries

Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman...

8.8 CVSS | 8.6 AI score | 0.03974 EPSS
Exploits 2 | References 11
CNVD
added 2022/04/24 12:00 a.m. | 32 views

Podman lifting vulnerability

Podman is an engine for developing, managing, and running OCI containers on Linux systems. Podman suffers from a privilege elevation vulnerability, which stems from improperly managed runtime permissions and can be exploited by attackers to elevate the privileges of the system...

6.8 CVSS | 5.4 AI score | 0.03974 EPSS
Exploits 2
OpenVAS
added 2022/04/09 12:00 a.m. | 23 views

Fedora: Security Advisory for crun (FEDORA-2022-10fd054d40)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS | 7.7 AI score | 0.01124 EPSS
Exploits 0 | References 2
Fedora
added 2022/04/08 8:07 p.m. | 32 views

[SECURITY] Fedora 34 Update: crun-1.4.4-1.fc34

crun is a runtime for running OCI containers...

7.5 CVSS | 2.9 AI score | 0.01124 EPSS
Exploits 0
OpenVAS
added 2021/07/27 12:00 a.m. | 21 views

Fedora: Security Advisory for crun (FEDORA-2021-0c53d8738d)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.5 CVSS | 5.9 AI score | 0.00322 EPSS
Exploits 0 | References 2
Fedora
added 2021/07/24 1:08 a.m. | 85 views

[SECURITY] Fedora 33 Update: crun-0.20.1-1.fc33

crun is a runtime for running OCI containers...

5.5 CVSS | 2.9 AI score | 0.00322 EPSS
Exploits 0
OpenVAS
added 2021/04/25 12:00 a.m. | 14 views

Fedora: Security Advisory for crun (FEDORA-2021-83b3740389)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.1 CVSS | 6.8 AI score | 0.01587 EPSS
Exploits 1 | References 2